TEST 201-300
In order to maintain oversight of a third party service provider, the company is going to implement a Governance, Risk, and Compliance (GRC) system. This system is promising to provide overall security posture coverage. Which of the following is the MOST important activity that should be considered? A. Continuous security monitoring B. Baseline configuration and host hardening C. Service Level Agreement (SLA) monitoring D. Security alerting and trending
A. Continuous security monitoring
What is a system that is intended or designed to be broken into by an attacker? A. Honeypot B. Honeybucket C. Decoy D. Spoofing system
A. Honeypot
Which of the following is a notification that an unusual condition exists and should be investigated? A. Alert B. Trend C. Alarm D. Trap
A. Alert
Which of the following is an example of a false positive? A. Anti-virus identifies a benign application as malware. B. A biometric iris scanner rejects an authorized user wearing a new contact lens. C. A user account is locked out after the user mistypes the password too many times. D. The IDS does not identify a buffer overflow.
A. Anti-virus identifies a benign application as malware.
The chief Risk officer is concerned about the new employee BYOD device policy and has requested the security department implement mobile security controls to protect corporate data in the event that a device is lost or stolen. The level of protection must not be compromised even if the communication SIM is removed from the device. Which of the following BEST meets the requirements? (Select TWO) A. Asset tracking B. Screen-locks C. GEO-Tracking D. Device encryption
A. Asset tracking D. Device encryption
The security consultant is assigned to test a client's new software for security, after logs show targeted attacks from the Internet. To determine the weaknesses, the consultant has no access to the application program interfaces, code, or data structures. This is an example of which of the following types of testing? A. Black box B. Penetration C. Gray box D. White box
A. Black box
A process in which the functionality of an application is tested without any knowledge of the internal mechanisms of the application is known as: A. Black box testing B. White box testing C. Black hat testing D. Gray box testing
A. Black box testing
Sara, an application developer, implemented error and exception handling alongside input validation. Which of the following does this help prevent? A. Buffer overflow B. Pop-up blockers C. Cross-site scripting D. Fuzzing
A. Buffer overflow
security analyst performs the following activities: monitors security logs, installs surveillance cameras and analyzes trend reports. Which of the following job responsibilities is the analyst performing? (Select TWO). A. Detect security incidents B. Reduce attack surface of systems C. Implement monitoring controls D. Hardening network devices E. Prevent unauthorized access
A. Detect security incidents C. Implement monitoring controls
Users are utilizing thumb drives to connect to USB ports on company workstations. A technician is concerned that sensitive files can be copied to the USB drives. Which of the following mitigation techniques would address this concern? (Select TWO). A. Disable the USB root hub within the OS. B. Install anti-virus software on the USB drives. C. Disable USB within the workstations BIOS. D. Apply the concept of least privilege to USB devices. E. Run spyware detection against all workstations
A. Disable the USB root hub within the OS. C. Disable USB within the workstations BIOS.
Joe a company's new security specialist is assigned a role to conduct monthly vulnerability scans across the network. He notices that the scanner is returning a large amount of false positives or failed audits. Which of the following should Joe recommend to remediate these issues? A. Ensure the vulnerability scanner is located in a segmented VLAN that has access to the company's servers B. Ensure the vulnerability scanner is configured to authenticate with a privileged account C. Ensure the vulnerability scanner is attempting to exploit the weaknesses it discovers D. Ensure the vulnerability scanner is conducting antivirus scanning
A. Ensure the vulnerability scanner is located in a segmented VLAN that has access to the company's servers
Which of the following is an application security coding problem? A. Error and exception handling B. Patch management C. Application hardening D. Application fuzzing
A. Error and exception handling
Which of the following controls can be implemented together to prevent data loss in the event of theft of a mobile device storing sensitive information? (Select TWO). A. Full device encryption B. Screen locks C. GPS D. Asset tracking E. Inventory control
A. Full device encryption B. Screen locks
A way to assure data at-rest is secure even in the event of loss or theft is to use: A. Full device encryption. B. Special permissions on the file system. C. Trusted Platform Module integration. D. Access Control Lists.
A. Full device encryption.
Which of the following application security testing techniques is implemented when an automated system generates random input data? A. Fuzzing B. XSRF C. Hardening D. Input validation
A. Fuzzing
Pete, a developer, writes an application. Jane, the security analyst, knows some things about the overall application but does not have all the details. Jane needs to review the software before it is released to production. Which of the following reviews should Jane conduct? A. Gray Box Testing B. Black Box Testing C. Business Impact Analysis D. White Box Testing
A. Gray Box Testing
A security specialist has been asked to evaluate a corporate network by performing a vulnerability assessment. Which of the following will MOST likely be performed? A. Identify vulnerabilities, check applicability of vulnerabilities by passively testing security controls. B. Verify vulnerabilities exist, bypass security controls and exploit the vulnerabilities. C. Exploit security controls to determine vulnerabilities and misconfigurations. D. Bypass security controls and identify applicability of vulnerabilities by passively testing security controls.
A. Identify vulnerabilities, check applicability of vulnerabilities by passively testing security controls.
The security team would like to gather intelligence about the types of attacks being launched against the organization. Which of the following would provide them with the MOST information? A. Implement a honeynet B. Perform a penetration test C. Examine firewall logs D. Deploy an IDS
A. Implement a honeynet
Which of the following is a best practice for error and exception handling? A. Log detailed exception but display generic error message B. Display detailed exception but log generic error message C. Log and display detailed error and exception messages D. Do not log or display error or exception messages
A. Log detailed exception but display generic error message
A program displays: ERROR: this program has caught an exception and will now terminate. Which of the following is MOST likely accomplished by the program's behavior? A. Operating system's integrity is maintained B. Program's availability is maintained C. Operating system's scalability is maintained D. User's confidentiality is maintained
A. Operating system's integrity is maintained
During a security assessment, an administrator wishes to see which services are running on a remote server. Which of the following should the administrator use? A. Port scanner B. Network sniffer C. Protocol analyzer D. Process list
A. Port scanner
After a security incident involving a physical asset, which of the following should be done at the beginning? A. Record every person who was in possession of assets, continuing post-incident. B. Create working images of data in the following order: hard drive then RAM. C. Back up storage devices so work can be performed on the devices immediately. D. Write a report detailing the incident and mitigation suggestions.
A. Record every person who was in possession of assets, continuing post-incident.
Which of the following can a security administrator implement on mobile devices that will help prevent unwanted people from viewing the data if the device is left unattended? A. Screen lock B. Voice encryption C. GPS tracking D. Device encryption
A. Screen lock
A small company has recently purchased cell phones for managers to use while working outside if the office.The company does not currently have a budget for mobile device management and is primarily concerned with deterring leaks if sensitive information obtained by unauthorized access to unattended phones. Which of the following would provide the solution BEST meets the company's requirements? A. Screen-lock B. Disable removable storage C. Full device encryption D. Remote wiping
A. Screen-lock
Based on information leaked to industry websites, business management is concerned that unauthorized employees are accessing critical project information for a major, well-known new product. To identify any such users, the security administrator could: A. Set up a honeypot and place false project documentation on an unsecure share. B. Block access to the project documentation using a firewall. C. Increase antivirus coverage of the project servers. D. Apply security updates and harden the OS on all project servers.
A. Set up a honeypot and place false project documentation on an unsecure share.
Which device monitors network traffic in a passive manner? A. Sniffer B. IDS C. Firewall D. Web browser
A. Sniffer
The marketing department wants to distribute pens with embedded USB drives to clients. In the past this client has been victimized by social engineering attacks which led to a loss of sensitive data. The security administrator advises the marketing department not to distribute the USB pens due to which of the following? A. The risks associated with the large capacity of USB drives and their concealable nature B. The security costs associated with securing the USB drives over time C. The cost associated with distributing a large volume of the USB pens D. The security risks associated with combining USB drives and cell phones on a network
A. The risks associated with the large capacity of USB drives and their concealable nature
Fuzzing is a security assessment technique that allows testers to analyze the behavior of software applications under which of the following conditions? A. Unexpected input B. Invalid output C. Parameterized input D. Valid output
A. Unexpected input
Jane has recently implemented a new network design at her organization and wishes to passively identify security issues with the new network. Which of the following should Jane perform? A. Vulnerability assessment B. Black box testing C. White box testing D. Penetration testing
A. Vulnerability assessment
An administrator is concerned that a company's web server has not been patched. Which of the following would be the BEST assessment for the administrator to perform? A. Vulnerability scan B. Risk assessment C. Virus scan D. Network sniffer
A. Vulnerability scan
Which of the following tests a number of security controls in the least invasive manner? A. Vulnerability scan B. Threat assessment C. Penetration test D. Ping sweep
A. Vulnerability scan
Ann, a security analyst, is preparing for an upcoming security audit. To ensure that she identifies unapplied security controls and patches without attacking or compromising the system, Ann would use which of the following? A. Vulnerability scanning B. SQL injection C. Penetration testing D. Antivirus update
A. Vulnerability scanning
Which of the following is BEST utilized to identify common misconfigurations throughout the enterprise? A. Vulnerability scanning B. Port scanning C. Penetration testing D. Black box
A. Vulnerability scanning
Mike, a security professional, is tasked with actively verifying the strength of the security controls on a company's live modem pool. Which of the following activities is MOST appropriate? A. War dialing B. War chalking C. War driving D. Bluesnarfing
A. War dialing
Which of the following would prevent a user from installing a program on a company-owned mobile device? A. White-listing B. Access control lists C. Geotagging D. Remote wipe
A. White-listing
A financial company requires a new private network link with a business partner to cater for realtime and batched data flows. Which of the following activities should be performed by the IT security staff member prior to establishing the link? A. Baseline reporting B. Design review C. Code review D. SLA reporting
B. Design review
During a penetration test from the Internet, Jane, the system administrator, was able to establish a connection to an internal router, but not successfully log in to it. Which ports and protocols are MOST likely to be open on the firewall? (Select FOUR). A. 21 B. 22 C. 23 D. 69 E. 3389 F. SSH G. Terminal services H. Rlogin I. Rsync J. Telnet
B. 22 C. 23 F. SSH J. Telnet
After analyzing and correlating activity from multiple sensors, the security administrator has determined that a group of very well organized individuals from an enemy country is responsible for various attempts to breach the company network, through the use of very sophisticated and targeted attacks. Which of the following is this an example of? A. Privilege escalation B. Advanced persistent threat C. Malicious insider threat D. Spear phishing
B. Advanced persistent threat
Which of the following would Jane, an administrator, use to detect an unknown security vulnerability? A. Patch management B. Application fuzzing C. ID badge D. Application configuration baseline
B. Application fuzzing
Which of the following describes the process of removing unnecessary accounts and services from an application to reduce risk exposure? A. Error and exception handling B. Application hardening C. Application patch management D. Cross-site script prevention
B. Application hardening
A new security analyst is given the task of determining whether any of the company's servers are vulnerable to a recently discovered attack on an old version of SSH. Which of the following is the quickest FIRST step toward determining the version of SSH running on these servers? A. Passive scanning B. Banner grabbing C. Protocol analysis D. Penetration testing
B. Banner grabbing
The Quality Assurance team is testing a new third party developed application. The Quality team does not have any experience with the application. Which of the following is the team performing? A. Grey box testing B. Black box testing C. Penetration testing D. White box testing
B. Black box testing
Allowing unauthorized removable devices to connect to computers increases the risk of which of the following? A. Data leakage prevention B. Data exfiltration C. Data classification D. Data deduplication
B. Data exfiltration
A security administrator wants to test the reliability of an application which accepts user provided parameters. The administrator is concerned with data integrity and availability. Which of the following should be implemented to accomplish this task? A. Secure coding B. Fuzzing C. Exception handling D. Input validation
B. Fuzzing
Jane, a security analyst, is reviewing logs from hosts across the Internet which her company uses to gather data on new malware. Which of the following is being implemented by Jane's company? A. Vulnerability scanner B. Honeynet C. Protocol analyzer D. Port scanner
B. Honeynet
A security administrator wants to get a real time look at what attackers are doing in the wild, hoping to lower the risk of zero-day attacks. Which of the following should be used to accomplish this goal? A. Penetration testing B. Honeynets C. Vulnerability scanning D. Baseline reporting
B. Honeynets
Which of the following should an administrator implement to research current attack methodologies? A. Design reviews B. Honeypot C. Vulnerability scanner D. Code reviews
B. Honeypot
Which of the following security architecture elements also has sniffer functionality? (Select TWO). A. HSM B. IPS C. SSL accelerator D. WAP E. IDS
B. IPS E. IDS
Which of the following should Matt, a security administrator, include when encrypting smartphones? (Select TWO). A. Steganography images B. Internal memory C. Master boot records D. Removable memory cards E. Public keys
B. Internal memory D. Removable memory cards
Which of the following is the term for a fix for a known software problem? A. Skiff B. Patch C. Slipstream D. Upgrade
B. Patch
Which of the following practices is used to mitigate a known security vulnerability? A. Application fuzzing B. Patch management C. Password cracking D. Auditing security logs
B. Patch management
Which of the following assessments would Pete, the security administrator, use to actively test that an application's security controls are in place? A. Code review B. Penetration test C. Protocol analyzer D. Vulnerability scan
B. Penetration test
Which of the following is BEST utilized to actively test security controls on a particular system? A. Port scanning B. Penetration test C. Vulnerability scanning D. Grey/Gray box
B. Penetration test
Which of the following BEST allows Pete, a security administrator, to determine the type, source, and flags of the packet traversing a network for troubleshooting purposes? A. Switches B. Protocol analyzers C. Routers D. Web security gateways
B. Protocol analyzers
A bank has recently deployed mobile tablets to all loan officers for use at customer sites. Which of the following would BEST prevent the disclosure of customer data in the event that a tablet is lost or stolen? A. Application control B. Remote wiping C. GPS D. Screen-locks
B. Remote wiping
One of the servers on the network stops responding due to lack of available memory. Server administrators did not have a clear definition of what action should have taken place based on the available memory. Which of the following would have BEST kept this incident from occurring? A. Set up a protocol analyzer B. Set up a performance baseline C. Review the systems monitor on a monthly basis D. Review the performance monitor on a monthly basis
B. Set up a performance baseline
Matt, the Chief Information Security Officer (CISO), tells the network administrator that a security company has been hired to perform a penetration test against his network. The security company asks Matt which type of testing would be most beneficial for him. Which of the following BEST describes what the security company might do during a black box test? A. The security company is provided with all network ranges, security devices in place, and logical maps of the network. B. The security company is provided with no information about the corporate network or physical locations. C. The security company is provided with limited information on the network, including all network diagrams. D. The security company is provided with limited information on the network, including some subnet ranges and logical network diagrams.
B. The security company is provided with no information about the corporate network or physical locations.
A security administrator wants to perform routine tests on the network during working hours when certain applications are being accessed by the most people. Which of the following would allow the security administrator to test the lack of security controls for those applications with the least impact to the system? A. Penetration test B. Vulnerability scan C. Load testing D. Port scanner
B. Vulnerability scan
Several users report to the administrator that they are having issues downloading files from the file server. Which of the following assessment tools can be used to determine if there is an issue with the file server? A. MAC filter list B. Recovery agent C. Baselines D. Access list
C. Baselines
Which of the following is an indication of an ongoing current problem? A. Alert B. Trend C. Alarm D. Trap
C. Alarm
During an anonymous penetration test, Jane, a system administrator, was able to identify a shared print spool directory, and was able to download a document from the spool. Which statement BEST describes her privileges? A. All users have write access to the directory. B. Jane has read access to the file. C. All users have read access to the file. D. Jane has read access to the directory.
C. All users have read access to the file.
Vendors typically ship software applications with security settings disabled by default to ensure a wide range of interoperability with other applications and devices. A security administrator should perform which of the following before deploying new software? A. Application white listing B. Network penetration testing C. Application hardening D. Input fuzzing testing
C. Application hardening
A network administrator is responsible for securing applications against external attacks. Every month, the underlying operating system is updated. There is no process in place for other software updates. Which of the following processes could MOST effectively mitigate these risks? A. Application hardening B. Application change management C. Application patch management D. Application firewall review
C. Application patch management
Pete, the system administrator, has concerns regarding users losing their company provided smartphones. Pete's focus is on equipment recovery. Which of the following BEST addresses his concerns? A. Enforce device passwords. B. Use remote sanitation. C. Enable GPS tracking. D. Encrypt stored data.
C. Enable GPS tracking.
Which of the following techniques can be used to prevent the disclosure of system information resulting from arbitrary inputs when implemented properly? A. Fuzzing B. Patch management C. Error handling D. Strong passwords
C. Error handling
An IT security technician is actively involved in identifying coding issues for her company. Which of the following is an application security technique that can be used to identify unknown weaknesses within the code? A. Vulnerability scanning B. Denial of service C. Fuzzing D. Port scanning
C. Fuzzing
Which of the following application security principles involves inputting random data into a program? A. Brute force attack B. Sniffing C. Fuzzing D. Buffer overflow
C. Fuzzing
A software development company has hired a programmer to develop a plug-in module to an existing proprietary application. After completing the module, the developer needs to test the entire application to ensure that the module did not introduce new vulnerabilities. Which of the following is the developer performing when testing the application? A. Black box testing B. White box testing C. Gray box testing D. Design review
C. Gray box testing
The process of making certain that an entity (operating system, application, etc.) is as secure as it can be is known as: A. Stabilizing B. Reinforcing C. Hardening D. Toughening
C. Hardening
Which of the following pseudocodes can be used to handle program exceptions? A. If program detects another instance of itself, then kill program instance. B. If user enters invalid input, then restart program. C. If program module crashes, then restart program module. D. If user's input exceeds buffer length, then truncate the input.
C. If program module crashes, then restart program module.
Jane, an IT security technician, needs to create a way to secure company mobile devices. Which of the following BEST meets this need? A. Implement voice encryption, pop-up blockers, and host-based firewalls. B. Implement firewalls, network access control, and strong passwords. C. Implement screen locks, device encryption, and remote wipe capabilities. D. Implement application patch management, antivirus, and locking cabinets.
C. Implement screen locks, device encryption, and remote wipe capabilities.
An administrator finds that non-production servers are being frequently compromised, productionservers are rebooting at unplanned times and kernel versions are several releases behind the version with all current security fixes. Which of the following should the administrator implement? A. Snapshots B. Sandboxing C. Patch management D. Intrusion detection system
C. Patch management
A security administrator is aware that a portion of the company's Internet-facing network tends to be non-secure due to poorly configured and patched systems. The business owner has accepted the risk of those systems being compromised, but the administrator wants to determine the degree to which those systems can be used to gain access to the company intranet. Which of the following should the administrator perform? A. Patch management assessment B. Business impact assessment C. Penetration test D. Vulnerability assessment
C. Penetration test
Which of the following tools would a security administrator use in order to identify all running services throughout an organization? A. Architectural review B. Penetration test C. Port scanner D. Design review
C. Port scanner
Which of the following can be used on a smartphone to BEST protect against sensitive data loss if the device is stolen? (Select TWO). A. Tethering B. Screen lock PIN C. Remote wipe D. Email password E. GPS tracking F. Device encryption
C. Remote wipe F. Device encryption
A company has purchased an application that integrates into their enterprise user directory for account authentication. Users are still prompted to type in their usernames and passwords. Which of the following types of authentication is being utilized here? A. Separation of duties B. Least privilege C. Same sign-on D. Single sign-on
C. Same sign-on
A system administrator has noticed vulnerability on a high impact production server. A recent update was made available by the vendor that addresses the vulnerability but requires a reboot of the system afterwards. Which of the following steps should the system administrator implement to address the vulnerability? A. Test the update in a lab environment, schedule downtime to install the patch, install the patch and reboot the server and monitor for any changes B. Test the update in a lab environment, backup the server, schedule downtime to install the patch, install the patch, and monitor for any changes C. Test the update in a lab environment, backup the server, schedule downtime to install the patch, install the update, reboot the server, and monitor for any changes D. Backup the server, schedule downtime to install the patch, installs the patch and monitor for any changes
C. Test the update in a lab environment, backup the server, schedule downtime to install the patch, install the update, reboot the server, and monitor for any changes
Prior to leaving for an extended vacation, Joe uses his mobile phone to take a picture of his family in the house living room. Joe posts the picture on a popular social media site together with the message: "Heading to our two weeks vacation to Italy." Upon returning home, Joe discovers that the house was burglarized. Which of the following is the MOST likely reason the house was burglarized if nobody knew Joe's home address? A. Joe has enabled the device access control feature on his mobile phone. B. Joe's home address can be easily found using the TRACEROUTE command. C. The picture uploaded to the social media site was geo-tagged by the mobile phone. D. The message posted on the social media site informs everyone the house will be empty.
C. The picture uploaded to the social media site was geo-tagged by the mobile phone.
Which of the following BEST represents the goal of a vulnerability assessment? A. To test how a system reacts to known threats B. To reduce the likelihood of exploitation C. To determine the system's security posture D. To analyze risk mitigation strategies
C. To determine the system's security posture
Which of the following would a security administrator implement in order to discover comprehensive security threats on a network? A. Design reviews B. Baseline reporting C. Vulnerability scan D. Code review
C. Vulnerability scan
Which of the following would be used to identify the security posture of a network without actually exploiting any weaknesses? A. Penetration test B. Code review C. Vulnerability scan D. Brute Force scan
C. Vulnerability scan
A company hires outside security experts to evaluate the security status of the corporate network. All of the company's IT resources are outdated and prone to crashing. The company requests that all testing be performed in a way which minimizes the risk of system failures. Which of the following types of testing does the company want performed? A. Penetration testing B. WAF testing C. Vulnerability scanning D. White box testing
C. Vulnerability scanning
Which of the following can Joe, a security administrator, implement on his network to capture attack details that are occurring while also protecting his production network? A. Security logs B. Protocol analyzer C. Audit logs D. Honeypot
D. Honeypot
A recently installed application update caused a vital application to crash during the middle of the workday. The application remained down until a previous version could be reinstalled on the server, and this resulted in a significant loss of data and revenue. Which of the following could BEST prevent this issue from occurring again? A. Application configuration baselines B. Application hardening C. Application access controls D. Application patch management
D. Application patch management
The call center supervisor has reported that many employees have been playing preinstalled games on company computers and this is reducing productivity. Which of the following would be MOST effective for preventing this behavior? A. Acceptable use policies B. Host-based firewalls C. Content inspection D. Application whitelisting
D. Application whitelisting
Ann, the software security engineer, works for a major software vendor. Which of the following practices should be implemented to help prevent race conditions, buffer overflows, and other similar vulnerabilities prior to each production release? A. Product baseline report B. Input validation C. Patch regression testing D. Code review
D. Code review
Which of the following would a security administrator implement in order to identify change from the standard configuration on a server? A. Penetration test B. Code review C. Baseline review D. Design review
D. Design review
Which of the following assessment techniques would a security administrator implement to ensure that systems and software are developed properly? A. Baseline reporting B. Input validation C. Determine attack surface D. Design reviews
D. Design reviews
Methods to test the responses of software and web applications to unusual or unexpected inputs are known as: A. Brute force. B. HTML encoding. C. Web crawling. D. Fuzzing.
D. Fuzzing
Which of the following describes purposefully injecting extra input during testing, possibly causing an application to crash? A. Input validation B. Exception handling C. Application hardening D. Fuzzing
D. Fuzzing
Which of the following security concepts identifies input variables which are then used to perform boundary testing? A. Application baseline B. Application hardening C. Secure coding D. Fuzzing
D. Fuzzing
An IT auditor tests an application as an authenticated user. This is an example of which of the following types of testing? A. Penetration B. White box C. Black box D. Gray box
D. Gray box
Joe, an administrator, installs a web server on the Internet that performs credit card transactions for customer payments. Joe also sets up a second web server that looks like the first web server. However, the second server contains fabricated files and folders made to look like payments were processed on this server but really were not. Which of the following is the second server? A. DMZ B. Honeynet C. VLAN D. Honeypot
D. Honeypot
Which of the following is true about input validation in a client-server architecture, when data integrity is critical to the organization? A. It should be enforced on the client side only. B. It must be protected by SSL encryption. C. It must rely on the user's knowledge of the application. D. It should be performed on the server side.
D. It should be performed on the server side.
A company is looking to improve their security posture by addressing risks uncovered by a recent penetration test. Which of the following risks is MOST likely to affect the business on a day-to-day basis? A. Insufficient encryption methods B. Large scale natural disasters C. Corporate espionage D. Lack of antivirus software
D. Lack of antivirus software
Which of the following technical controls helps to prevent Smartphones from connecting to a corporate network? A. Application white listing B. Remote wiping C. Acceptable use policy D. Mobile device management
D. Mobile device management
Which of the following is the MOST intrusive type of testing against a production system? A. White box testing B. War dialing C. Vulnerability testing D. Penetration testing
D. Penetration testing
Sara, the Chief Information Officer (CIO), has requested an audit take place to determine what services and operating systems are running on the corporate network. Which of the following should be used to complete this task? A. Fingerprinting and password crackers B. Fuzzing and a port scan C. Vulnerability scan and fuzzing D. Port scan and fingerprinting
D. Port scan and fingerprinting
A quality assurance analyst is reviewing a new software product for security, and has complete access to the code and data structures used by the developers. This is an example of which of the following types of testing? A. Black box B. Penetration C. Gray box D. White box
D. White box